OpenStack Identity (keystone)

grizzly sample_data.sh ignores password variables

Bug #1166182 reported by Steven Hardy
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Robert Hyerle
OpenStack Identity (keystone) 2013.2 "havana"
Grizzly
Fix Released
Medium
Dolph Mathews
OpenStack Identity (keystone) 2013.1.2

Bug Description

The change merged as part of bug #1073291 removes useful functionality - pre grizzly, it was possible to pass in a specific password via the ADMIN_PASSWORD and SERVICE_PASSWORD variables, but these variables are now ignored.

# Please set these, they are ONLY SAMPLE PASSWORDS!
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
if [[ "$ADMIN_PASSWORD" == "secrete" ]]; then
    echo "The default admin password has been detected. Please consider"
    echo "setting an actual password in environment variable ADMIN_PASSWORD"
fi
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
if [[ "$SERVICE_PASSWORD" == "$ADMIN_PASSWORD" ]]; then
    echo "The default service password has been detected. Please consider"
    echo "setting an actual password in environment variable SERVICE_PASSWORD"
fi

For some reason, this code was completely removed from sample_data.sh, instead of just aligning the values with the docs.

This silently breaks any scripts which specify a password, which is pretty confusing when moving from Folsom until you realize what is going wrong (e.g the heat tools/openstack script : https://github.com/openstack/heat/blob/master/tools/openstack#L238)

Robert Hyerle (hyerle)
Changed in keystone:
assignee: nobody → Robert Hyerle (hyerle)
Dolph Mathews (dolph)
Changed in keystone:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/27653

Changed in keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/27653
Committed: http://github.com/openstack/keystone/commit/76ee689d09de6c93de447ade626c94137c778865
Submitter: Jenkins
Branch: master

commit 76ee689d09de6c93de447ade626c94137c778865
Author: Robert H. Hyerle <email address hidden>
Date: Sun Apr 28 19:04:24 2013 +0200

    Accept env variables to override default passwords

    Preserves the default passwords corresponding to the OpenStack Install
    and Deploy Manual while allowing environment variables to specify user
    provided passwords. As well, a single common password for all the service
    users can be specified using the SERVICE_PASSWORD environment variable.

    This fix restores compatibility with the version of this script released
    in Folsom where the environment variables could override default passwords.
    It also preserves compatibility with the fix for bug 1073291 that brought
    the script into line with the docs (but unfortunately broke backwards
    compatibility).

    There is no warning emited if the user does not override the default
    passwords as was present in Folsom, but not in Grizzly. This makes the
    fix output compatible with Grizzly only. Note that the logic for warnings
    pre-Grizzly was unclear. The script is, however, clearly named "sample"
    and warnings are present in the comments.

    Change-Id: I927fcddf04dcb87e5c9252f0874939b17f3c4809
    Fixes: bug #1166182

Changed in keystone:
status: In Progress → Fix Committed
Dolph Mathews (dolph)
tags: added: grizzly-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/grizzly)

Fix proposed to branch: stable/grizzly
Review: https://review.openstack.org/29950

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/grizzly)

Reviewed: https://review.openstack.org/29950
Committed: http://github.com/openstack/keystone/commit/6090bbe7a0ca98be9e8a56c3a655cfc496b2926f
Submitter: Jenkins
Branch: stable/grizzly

commit 6090bbe7a0ca98be9e8a56c3a655cfc496b2926f
Author: Robert H. Hyerle <email address hidden>
Date: Sun Apr 28 19:04:24 2013 +0200

    Accept env variables to override default passwords

    Preserves the default passwords corresponding to the OpenStack Install
    and Deploy Manual while allowing environment variables to specify user
    provided passwords. As well, a single common password for all the service
    users can be specified using the SERVICE_PASSWORD environment variable.

    This fix restores compatibility with the version of this script released
    in Folsom where the environment variables could override default passwords.
    It also preserves compatibility with the fix for bug 1073291 that brought
    the script into line with the docs (but unfortunately broke backwards
    compatibility).

    There is no warning emited if the user does not override the default
    passwords as was present in Folsom, but not in Grizzly. This makes the
    fix output compatible with Grizzly only. Note that the logic for warnings
    pre-Grizzly was unclear. The script is, however, clearly named "sample"
    and warnings are present in the comments.

    Change-Id: I927fcddf04dcb87e5c9252f0874939b17f3c4809
    Fixes: bug #1166182

Alan Pevec (apevec)
tags: removed: grizzly-backport-potential
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → havana-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: havana-1 → 2013.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.